MessageVerifier creates HMAC signatures using SHA1 hash
algorithm by default. If you want to use a different hash algorithm, you
can change it by providing :digest key as an option while
initializing the verifier:

Then the messages can be verified and returned up to the expire time.
Thereafter, the verified method returns nil while
verify raises
ActiveSupport::MessageVerifier::InvalidSignature.

Rotating keys

MessageVerifier also supports rotating
out old configurations by falling back to a stack of verifiers. Call
rotate to build and add a verifier to so either
verified or verify will also try verifying with
the fallback.

By default any rotated verifiers use the values of the primary verifier
unless specified otherwise.

Then gradually rotate the old values out by adding them as fallbacks. Any
message generated with the old values will then work until the rotation is
removed.

verifier.rotate old_secret # Fallback to an old secret instead of @secret.
verifier.rotate digest: "SHA256" # Fallback to an old digest instead of SHA512.
verifier.rotate serializer: Marshal # Fallback to an old serializer instead of JSON.